Security and Compliance Documents

About Code42 Code42 is the leader in Insider Risk Management. Native to the cloud, the Code42® Incydr™ solution rapidly detects data loss and speeds incident response without inhibiting employee productivity. With Code42, security professionals can protect corporate data and reduce insider threats while fostering an open and collaborative culture for employees. More than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. For more information, visit code42.com. Gartner Peer Insights 35+ Verified Security Reviews 4.9 out of 5 stars WHITEPAPER CMMC What CMMC level is required from companies? The DoD has made it clear that all companies doing business with the DoD will need to be at minimum, Level 1 certified. If CUI and FCI is processed Level 3 is required. How long is the CMMC certification valid? 3 years Incydr Highlights Monitors ALL exfiltrated file movement - including CUI, FCI and other sensitive data Provides the capability to Detect, Investigate and Respond to file exposure and exfiltration including web browser uploads, cloud sync activity, file sharing, Airdrop, and use of removable media. Incydr CMMC Self-Assessment Level Incydr has completed a detailed self-assessment of CMMC including practices and processes. Based on this, Incydr aligns with the requirements of CMMC Level 3 which focuses on the protection of CUI and FCI and encompasses in NIST SP 800-171 Rev. 2 and DFARS Clause 252.204.7012. Additionally, Incydr aligns with the subset of enhanced security requirements from draft NIST 800-171B as well as other Cybersecurity best practices. These practices enhance the detection and response capabilities of an organization's Incident Response capabilities and to address and adapt to the changing tactics, techniques and procedures (TTP's) used by APT's. * https://www.acq.osd.mil/cmmc/ Level 1 B A S I C C Y B E R H YG I E N E Level 2 I N T E R M E D I AT E C Y B E R H YG I E N E Level 4 P R OAC T I V E Level 5 A D VA N C E D / P R O G R E S S I V E 17 PRACTICES Equivalent to all practices in Federal Acquisition Regulation (FAR) 48 CFR 52.204-21 72 PRACTICES Comply with the FAR Includes a select subset of 48 practices from the NIST SP 800-171 r1 Includes an additional 7 practices to support intermediate cyber hygiene 156 PRACTICES Comply with the FAR Encompasses all practices from NIST SP 800-171 r1 Includes a select subset of 11 practices from Draft NIST SP 800-171B Includes an additional 15 practices to demonstrate a proactive cybersecurity program 171 PRACTICES Comply with the FAR Encompasses all practices from NIST SP 800-171 r1 Includes a select subset of 4 practices from Draft NIST SP 800-171B Includes an additional 11 practices to demonstrate an advanced cybersecurity program Level 3 G O O D C Y B E R H YG I E N E 130 PRACTICES Comply with the FAR Encompasses all practices from NIST SP 800-171 r1 Includes an additional 20 practices to support good cyber hygiene © 2022 Code42 Software, Inc. All rights reserved. | CP_CMMC_Code42

• Cover